Decrypting Cisco type-7 password

There are many ways a Cisco Type-7 password could be decrypted. Look at the following encoded passwords.

It could be decoded using any of the following methods:

  1. Using Cisco IOS
  2. An online website
  3. A freeware program
  4. A Perl script


The Cisco-IOS method might not be new to some, but those that don’t know about it will find it useful. To decrypt the above passwords directly from Cisco IOS, two key-chains are used. Configure the two key chains and specify the encrypted type-7 password as the key-strings, but by using a ‘7’ before the password:

R1#config t
R1(config)#key chain how-to-decrypt-bobs-pwd
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string 7 1100540318000C031067263D65232226
R1(config)#key chain how-to-decrypt-bruces-pwd
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string 7 151A0A040567292B2A7E332D010019174C5E504B1E441907

When you do a “show key chain” the passwords will be displayed unecrypted:


There are many online websites that does this on the fly. I would recommend using the one in packetlife’s toolbox.


If you are a windows user and you want a method to do it offline without using a router, I’d recommend the free BOSON utility available here. (AVG anti-virus for some odd reason believes this is a trojan, it is not.)


If you are a MAC or Linux/Unix user, you could load the following PERL script to decrypt passwords directly from CLI. I got this script from

#!/usr/bin/perl -w
# $Id:,v 1.1 1998/01/11 21:31:12 mesrik Exp $
# Credits for original code and description,
# SPHiXe, .mudge et al. and for John Bashinski
# for Cisco IOS password encryption facts.
# Use of this code for any malicious or illegal purposes is strictly prohibited!
@xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
          0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
          0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );
while (<>) {
        if (/(password|md5)\s+7\s+([\da-f]+)/io) {
            if (!(length($2) & 1)) {
                $ep = $2; $dp = "";
                ($s, $e) = ($2 =~ /^(..)(.+)/o);
                for ($i = 0; $i < length($e); $i+=2) {
                    $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];

3 thoughts on “Decrypting Cisco type-7 password

Please leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s